Grond

Table of Contents:

1. About
2. Usage
   • Docker Hub
   • Docker build files
   • with reconFTW
   • with LazyRecon
   • with Garud

About

Grond is a docker container that includes a number of tools most frequently used for recon - and some for exploitation - by Bug Bounty Hunters.

It is intended to be a drop in environment wherefrom you can immediately launch automation scripts such as reconftw, lazyrecon, and others.

List of included tools

- CMSeeK
- Corsy
- Gf-Patterns
- Gxss
- JSA
- LinkFinder
- Oralyzer
- Web-Cache-Vulnerability-Scanner
- amass
- analyticsrelationships
- anew
- axiom
- brutespray
- cero
- clairvoyance
- cloud_enum
- commix
- crlfuzz
- ctfr
- dalfox
- dnstake
- dnsvalidator
- dnsx
- dorks_hunter
- dsieve
- emailfinder
- enumerepo
- fav-up
- ffuf
- gau
- gf
- gitdorks_go
- github-endpoints
- github-subdomains
- gospider
- gotator
- gowitness
- graphw00f
- h8mail
- httpx
- inscope
- interactsh-client
- interlace
- ipcdn
- mapcidr
- massdns
- metafinder
- notify
- nuclei
- puredns
- pwndb
- pydictor
- qsreplace
- roboxtractor
- rush
- s3scanner
- smap
- smuggler
- subfinder
- subjack
- subjs
- subzy
- testssl
- theHarvester
- tlsx
- trufflehog
- ultimate-nmap-parser
- unfurl
- urless
- wafw00f
- waybackurls
- xnLinkFinder

Usage

Docker Hub

Pull the image from Docker Hub

❯ docker pull frost19k/grond

Docker build files

If you wish to build the image yourself

❯ git clone -b Grond https://github.com/frost19k/Dockerfiles.git /grond
❯ cd /grond
❯ docker buildx build -t my_grond .

reconFTW

ReconFTW is available in the image and can be run by out-of-the-box

❯ docker run -it --rm \
  -w '/reconftw' \
  -v "${PWD}/Recon":'/reconftw/Recon' \
  frost19k/grond ./reconftw.sh -d example.com -r

However, you may wish to configure the environment with your config files to get better results.

I recommend creating a directory structure like so:

reconftw
├── configs
│   ├── amass.ini
│   ├── github.txt
│   ├── h8mail.ini
│   ├── linode.json
│   ├── notify.yaml
│   ├── subfinder.yaml
│   └── theHarvester.yml
└── Dockerfile

The file linode.json would look something like this:

{
  "do_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "region": "us-east",
  "provider": "linode",
  "default_size": "g6-standard-1",
  "appliance_name": "",
  "appliance_key": "",
  "appliance_url": "",
  "email": ""
}

Consult the tool specific documentation for the other files.

You can then use the following Dockerfile to compile the image:

# syntax=docker/dockerfile:1.4

FROM frost19k/grond:latest

COPY configs/amass.ini /root/.config/amass/config.ini
COPY configs/github.txt /root/tools/.github_tokens
COPY configs/h8mail.ini /root/tools/h8mail_config.ini
COPY configs/linode.json /root/.axiom/accounts/
COPY configs/notify.yaml /root/.config/notify/provider-config.yaml
COPY configs/subfinder.yaml /root/.config/subfinder/provider-config.yaml
COPY configs/theHarvester.yml /root/tools/theHarvester/api-keys.yaml

RUN<<eot
##->> Build axiom provisioner
[[ -d '/root/.ssh' ]] && find /root/.ssh -type f -delete || mkdir /root/.ssh
ssh-keygen -b 2048 -t rsa -f /root/.ssh/axiom_rsa -q -N ''
cat /root/.ssh/axiom_rsa.pub > /root/.axiom/configs/authorized_keys
axiom-account linode
axiom-build reconftw || :
eot

WORKDIR /reconftw
ENTRYPOINT ["./reconftw.sh"]

Build command

❯ cd reconftw/
❯ docker buildx build -t my_reconftw .

LazyRecon

Coming soon!!!

Garud

Coming soon!!!